Vulnerability

Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

Oct 15, 2020 By Log360 In ManageEngine

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.

Read Post

ManageEngine

Read more about Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

Fix now: High risk vulnerabilities at large, October 13th

Oct 15, 2020 By Simon Roe In Outpost 24

This time around, the MySQL vulnerabilities caught our attention because of their low CVSS scores compared to their high likelihood risk rating. This is something we see often when working with our customers, and demonstrates how a risk based approach to vulnerability management changes as organizations focus on where there is a real risk of compromise.

Read Post

Outpost 24

Read more about Fix now: High risk vulnerabilities at large, October 13th

How To Start A Scan On Kondukto?

Oct 15, 2020 By Kondukto In Kondukto

Watch this guide to start a scan on Kondukto in 2 min.

View Video

Kondukto

Read more about How To Start A Scan On Kondukto?

Open Source Vulnerability Management in DevOps

Oct 14, 2020 By Synopsys

Open source components are the foundation of every software application in every industry. But, its many benefits can often lead its consumers to overlook how open source affects the security of their application.

Get White Paper

Synopsys

Read more about Open Source Vulnerability Management in DevOps

DIY Guide to Open Source Vulnerability Management

Oct 14, 2020 By Synopsys

You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?

Get EBook

Synopsys

Read more about DIY Guide to Open Source Vulnerability Management

Container Inspection: Walking The Security Tightrope For Cloud DevOps

Oct 9, 2020 By Sergio Loureiro In Outpost 24

Containers are at the forefront of software development creating a revolution in cloud computing. Developers are opting for containerization at an impressive rate due to its efficiency, flexibility and portability. However, as the usage of containers increases, so should the security surrounding it. With containers comprising of many valuable components it is of the utmost importance that there are no vulnerabilities exposed when developing applications, and risks are mitigated before containers, and their contents, reach the end-user.

Read Post

Outpost 24

Read more about Container Inspection: Walking The Security Tightrope For Cloud DevOps

Security misconfiguration prevention | ManageEngine Vulnerability Manager Plus

Oct 9, 2020 By ManageEngine In ManageEngine

ManageEngine Vulnerability Manager Plus is a prioritization driven threat and vulnerability management solution for enterprises with built-in remediation. This video covers how you can utilize Vulnerability Manager Plus' security configuration management feature to continually detect security misconfigurations in your endpoints using a pre-defined set of baselines, and bring them back to compliance.

View Video

ManageEngine

Read more about Security misconfiguration prevention | ManageEngine Vulnerability Manager Plus

Detecting Security Vulnerabilities with Alerts

Oct 8, 2020 By Nick Carstensen In Graylog

Every day we discover new vulnerabilities in our systems, cracks in the fence the adversaries take advantage of to get into your organization and wreak havoc. Understanding what you have in your environment (e.g., types of devices, systems equipment, etc.) is very important in order to make sure the controls in place are working and more importantly, keeping up with the threat landscape.

Read Post

Graylog

Read more about Detecting Security Vulnerabilities with Alerts

Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Oct 5, 2020 By Robert Landavazo In Tripwire

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity. Zerologon is a vulnerability that affects the cryptographic authentication mechanism used by the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory.

Read Post

Tripwire

Read more about Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Fix now: High risk vulnerabilities at large, September 29th

Sep 30, 2020 By Simon Roe In Outpost 24

Since the global pandemic we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. As we head into the Autumn and the nights begin to draw in, threat actors continue to exploit vulnerabilities and cause disruption. Let’s take a look at some that have raised their profile in the last couple of weeks

Read Post